Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Words and Phrases
| Search for | Example | Results |
|---|---|---|
| A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
|
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Using Boolean Operators
| Search for | Operator | Example |
|---|---|---|
|
Two or more words in the same topic |
|
|
| Either word in a topic |
|
|
| Topics that do not contain a specific word or phrase |
|
|
| Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
| A combination of search types | ( ) parentheses |
|
Setting Up Smart Card Authentication
Operations Connector supports user authentication using smart cards. If smart card authentication is configured, you cannot log in without a valid smart card.
Learn More
Smart Card Authentication
Smart cards are physical devices used to identify users in secure systems. These cards can be used to store certificates both verifying the user's identity and allowing access to secure environments.
Operations Connector can be configured to use these certificates in place of the standard model of each user manually entering a user name and password. When using smart cards with Operations Connector, users can only log in using the smart card.
Tasks
Configure Operations Connector to Connect to a OMi Server That Requires Smart Card Authentication
Operations Connector can be configured to communicate with OMi servers that have enabled smart card authentication.
-
Configure Operations Connector to connect to a OMi server that requires a client certificate. By completing this step, you ensure that metrics data is sent and indicator data is received securely.
For details, see How to Configure Operations Connector to Connect to a OMi Server That Requires a Client Certificate topic.
-
Configure Operations Connector to send topology to a OMi server that requires a client certificate. By completing this step, you ensure that topology data is sent securely.
How to Configure the Topology Discovery Agent in Operations Connector When the OMi Server Requires a Client Certificate topic.
Enable Smart Card Authentication in Operations Connector
To configure smart card authentication in Operations Connector, complete the following tasks:
-
Import the certificate of your certificate authority to a truststore. You can use an existing one, or create a new one.
Go to the folder
C:\Program Files\HP\HP BTO Software\nonOV\jre\b\bin(Windows) or/opt/OV/nonOV/jre/b/bin(Linux) and run the following command:keytool -import -trustcacerts -alias <your alias> -keystore <path to the truststore file> -file <root CA certificate file>For example, on Linux, to add the certificate "hpca2ssG2_ns.cer" to the truststore "newTrustStore.jks", run:
./keytool -import -trustcacerts -alias TSTORE1 -keystore /tmp/newTrustStore.jks -file /tmp/hpca2ssG2_ns.cerYou need to define a password and agree to add the certificate to the truststore.
-
Configure the Operations Connector OVTomcat server to require a client certificate for mutual authentication and to use the truststore to which you imported the certificate.
The file
server.xmlused by OV Tomcat is recreated on each ovc start, with XPL values replacing the values from templates. Therefore run the Operations Agent toolovconfchgto change the settings in the XPL configuration:Run
ovconfchg -editto open the default system editor (Notepad on Windows, vi on Linux) and load the current XPL configuration.The Tomcat related XPL settings are in the XPL namespace NONOV.TomcatB. Configure the Tomcat server to request a client certificate by locating the following section Locate the following section:
<Connector port="30000" maxThreads="150"
minSpareThreads="25" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" debug="0"
scheme="https" secure="true" clientAuth="false"
sslProtocol="TLS"
KeystoreFile="../groups/serverKeystore"
KeystoreType="JKS"
KeystorePass="changeit"/>Change
clientAuthto"true", and add the following attributes:truststoreFile="<path to the truststore file>"
truststorePass="<password>"
truststoreType="JKS"
/>Alternatively, change the settings directly, using the
-setoption:ovconfchg -ns <namespace> -set <parameter> <value>For example:
ovconfchg -ns NONOV.TomcatB -set clientAuth "true" -set truststoreFile "<path to the truststore file>" -set truststorePass "<password>" -set truststoreType "JKS" -
Start OVTomcat:
ovc -start ovtomcatB -
Add users to Operations Connector using the Operations Connector user command line tool:
-
In the Subject Alternative Name (SAN) field of the certificate, look for the value of the User Principal Name (UPN) in Other Name (OID: 1.3.6.1.4.1.311.20.2.3).
-
Use the user command-line tool to add a user to Operations Connector:
user -add <value of UPN> <password>The user tool requires a password for each user. However, the password is not used when logging into OMi connector using a smart card. Users must enter their smart card PIN instead.
For more information on the user command-line tool, see Local User Configuration Tool topic.
-
Disable Smart Card Authentication in Operations Connector
-
The file
server.xmlused by OV Tomcat is recreated on each ovc start, with XPL values replacing the values from templates. Therefore run the Operations Agent toolovconfchgto change the settings in the XPL configuration:-
Run
ovconfchg -editto open the default system editor (Notepad on Windows, vi on Linux) and load the current XPL configuration.The Tomcat related XPL settings are in the XPL namespace NONOV.TomcatB. Configure the Tomcat server to not request a client certificate by locating the following section:
<Connector port="30000" maxThreads="150"
minSpareThreads="25" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" debug="0"
scheme="https" secure="true" clientAuth="true"
sslProtocol="TLS"
KeystoreFile="../groups/serverKeystore"
KeystoreType="JKS"
KeystorePass="changeit" truststoreFile="../templates.certificates/truststore.jks"
truststorePass="<password>"
truststoreType="JKS" />Change
clientAuthto"false". -
Alternatively, change the settings directly, using the
-setoption:ovconfchg -ns <namespace> -set <parameter> <value>For example:
ovconfchg -ns NONOV.TomcatB -set clientAuth "false"
-
-
Restart ovc:
ovc -restart ovtomcatB
Related topics
How to Configure Operations Connector to Connect to a OMi Server That Requires a Client Certificate
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to ovdoc-asm@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: